Seems like a simplistic topic, but keyloggers are one of the basic tools used in attacks. Even for you pros out there, it never hurts to go back and review the basics. You'll never know what you'll find useful. Thanks Dan. We look forward to more of your videos in the coming months, especially the next one on Proxychains + TOR.

Keyloggers are usually one of the top picks for a hacker or a spy's best friend. They basically serve as the eyes and ears of the attacker. They can be based on software or hardware and send detailed reports including the user's passwords, chat logs, all typed text, launched applications and visited websites. They can even send screenshots to visually show what the user was viewing as well as any webcam and microphone activity. Most laptops today come with a built-in webcam and microphone and don't usually give any signal that they have been enabled. Any person who uses that computer will have all their activities monitored and recorded in an encrypted log which only the attacker can access.

In this video, I will present the basics of keyloggers and also demonstrate a couple of my favorite keyloggers, their features, how hidden they are and how to prevent and detect keyloggers in general. At the end of this primer, the viewer should be able to fully understand where keyloggers fit into both sides of the equation.

Jamie.R wrote:very interesting does anyone ever use a key logger these days ?

I use them frequently. Far too often, pushing out a keylogger get me creds for an application or server / network. Depending on what I'm up to, and what I'm after, I might combine it with some social engineering, for example, such as causing a workstation or app crash, getting helpdesk or admin personnel to login to look at things, and grabbing their credentials, or just to grab usernames, passwords and web app URL's, etc., from 'Joe user.'

But yeah, most pentesters I know still use keyloggers, frequently, under a variety of circumstances.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

White ghost wrote:Yeh because using keylogger id very easy for them butPhishing and social engineering is the best methods

I think it depends on the situation and what you're after. Yes, phishing and SE can help you get usernames and passwords, but as the article reads in the first paragraph, keyloggers are much more than just getting usernames and passwords.

They can be based on software or hardware and send detailed reports including the user's passwords, chat logs, all typed text, launched applications and visited websites. They can even send screenshots to visually show what the user was viewing as well as any webcam and microphone activity.

You highly unlikely that you're going to get chat logs, a complete history of keystrokes, launches applications, and websites a user has visited from a phishing attack or SE'ing. Yes, you can get other information via phishing and SE, but as I said, it all depends on the situation and what you're after. You use the best method for the situation at hand, and keyloggers definitely still have their place (as hayabusa has said).

Hey Guys. I know many have forgotten about keyloggers and just went onto phishing/SE'ing but I also know there are many of us (myself included) who still use them often. I've used them as hayabusa described by having an admin come over to my workstation to "help" me or have a look at something, punch in his/her admin creds and I've instantly got elevated credentials. I also know of quite a few parents who use commercial keyloggers to monitor their kids whereas other parents feel it's an invasion of privacy.

Anyway, after finding out just how popular they still are, I decided to make up a little vid about them. A few people recommended one certain keylogger which I haven't used before.... turns out it's quite the nasty little rootkit as well. (restored the OS and it keeps coming back. having fun though trying to remove it) lol

Forgot to mention that while researching keyloggers, I ran into several websites (including AV and CERT sites) which all say in the last year or two that "keyloggers have pushed phishing out of first place as the most-used method in the theft of confidential information".

Last edited by p0et on Mon Oct 31, 2011 11:26 am, edited 1 time in total.

One question about the video... I tried to download the free ardamax keylogger the video shows but when downloaded, it's actually a reg cleaner. The other two keyloggers are not really free. Would you know of any other free ones? Thanks